Vendor
ORY Oathkeeper Authentication Bypass Vulnerability (CVE-2026-33496)
2 rules 1 TTPORY Oathkeeper before 26.2.0 is vulnerable to authentication bypass (CVE-2026-33496) due to cache key confusion in the `oauth2_introspection` authenticator, allowing attackers with a valid token to bypass authentication by reusing it with different introspection URLs.
Ory Keto SQL Injection Vulnerability via GetRelationships API (CVE-2026-33505)
2 rules 1 TTPOry Keto versions prior to 26.2.0 are vulnerable to SQL injection via the GetRelationships API due to flaws in its pagination implementation, enabling attackers with knowledge of the pagination secret (or the default secret) to craft malicious tokens leading to arbitrary SQL query execution.
ORY Oathkeeper Authorization Bypass via Path Traversal (CVE-2026-33494)
2 rules 1 TTPORY Oathkeeper versions prior to 26.2.0 are vulnerable to an authorization bypass (CVE-2026-33494) via HTTP path traversal, enabling attackers to access protected resources by crafting URLs with path traversal sequences.